From 80a036f26e72f9a85ed46eaea8eed14c5e1c88ff Mon Sep 17 00:00:00 2001 From: Ohad Shai Date: Fri, 26 Aug 2022 00:45:13 +0300 Subject: [PATCH 1/2] Create SECURITY.md --- SECURITY.md | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..3f67ef63 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,73 @@ +## Reporting security issues + +Please report security issues related to the project to the +following email address: + + ohadshai(at)gmail.com + + + + +## Verifying contents + +All SLF4J project artifacts published on Maven central are signed. For +each artifact, there is an associated signature file with the .asc +suffix. + +### 2.1.14 + + +To verify the signature use [this public key](https://keys.openpgp.org/vks/v1/by-fingerprint/47EB6836245D2D40E89DFB4136D4E9618F3ADAB5). +Here is its fingerprint: +``` +pub rsa3072 2021-11-27 [SCEA] + 47EB6836245D2D40E89DFB4136D4E9618F3ADAB5 +sub rsa3072 2021-11-27 [E] +``` + +A copy of this key is stored on the +[keys.openpgp.org](https://keys.openpgp.org) keyserver. To add it to +your public key ring use the following command: + +``` +> FINGER_PRINT=47EB6836245D2D40E89DFB4136D4E9618F3ADAB5 +> gpg --keyserver hkps://keys.openpgp.org --recv-keys $FINGER_PRINT +``` + +### 2.0.8-2.0.11 + +To verify the signature use [this public key](https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x637b8fb6cd0b57ca1e833e897f083a4ab2af5107). +Here is its fingerprint: +``` +pub rsa3072 2021-05-30 [SC] + 637B8FB6CD0B57CA1E833E897F083A4AB2AF5107 +uid Ohad Shai +sub rsa3072 2021-05-30 [E] +``` + +A copy of this key is stored on the +[keyserver.ubuntu.com](https://keyserver.ubuntu.com) keyserver. To add it to +your public key ring use the following command: + +``` +> FINGER_PRINT=637B8FB6CD0B57CA1E833E897F083A4AB2AF5107 +> gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys $FINGER_PRINT +``` +### 2.0.2-2.0.7 + +To verify the signature use [this public key](https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xe52567d2589415bd74eb4c2867631bc0568801c3). +Here is its fingerprint: +``` +pub rsa4096 2016-08-29 [SC] + E52567D2589415BD74EB4C2867631BC0568801C3 +uid Ohad Shai +sub rsa4096 2016-08-29 [E] +``` + +A copy of this key is stored on the +[keyserver.ubuntu.com](https://keyserver.ubuntu.com) keyserver. To add it to +your public key ring use the following command: + +``` +> FINGER_PRINT=E52567D2589415BD74EB4C2867631BC0568801C3 +> gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys $FINGER_PRINT +``` From 3253e4fc9a4f00ddab29ca38f1488abcd1a3da08 Mon Sep 17 00:00:00 2001 From: Ohad Shai Date: Fri, 26 Aug 2022 01:29:09 +0300 Subject: [PATCH 2/2] Update SECURITY.md Co-authored-by: Michael Bailey <1195562+yogurtearl@users.noreply.github.com> --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 3f67ef63..5de921f5 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -10,7 +10,7 @@ following email address: ## Verifying contents -All SLF4J project artifacts published on Maven central are signed. For +All `kotlin-logging` project artifacts published on Maven central are signed. For each artifact, there is an associated signature file with the .asc suffix.